Course Overview:
TN-542: Establishing a Security Operations Center (SOC) People, Processes, and Technologies is the big picture overview of a SOC, other courses provide a deep dive into the technologies that a SOC may utilize. This course addresses the internal workings of staff, skills required, required authorizations, internal agreements, and setting appropriate expectation levels of a SOC within budget constraints. A SOC is not a one size fits all, the instructor has decades of security experience and brings to the table opportunities to discuss what can work within constraints. Many organizations are coming to the realization that some level of a SOC is now required and to learn just what decisions need to be made: Out-sourced, In-sourced, budgets, capabilities and many more. Students leave with a worksheet of how to progress when they get back to their organization.
TN-542: Establishing a Security Operations Center (SOC) People, Processes, and Technologies – Is a course that incorporates lecture, demos, and group exercises for standing up a Security Operations Center (SOC). Students learn strategies and resources required to deploy, build, and run Network Security Monitoring (NSM) and work roles and flows for a SOC. No network is bullet proof and when attackers access your network, this course will show you options and resources to build a security net to detect, contain, and control the attacker. Examples on what it takes to architect an NSM solution to identify sophisticated attackers and a response strategy. Properly implemented detection and response technologies is integral to incident response and provides the responders timely information and tools to react to the incident. Effective demonstrations are given of Open Source technologies that build up a SOC, but any software can be used and demonstrations are provided to demonstrate technology families not push a specific solution.
TN-542: Establishing a Security Operations Center (SOC) People, Processes, and Technologies demonstrations utilize a cyber range that gives each student in-depth knowledge of monitoring live systems to include: Cisco, Windows, Linux, IoT, and Firewalls; and software and services to provide orchestrate Incident Response, Intelligence Analysis, and Hunt Operations.
Attendees to TN-542: Establishing a Security Operations Center (SOC) People, Processes, and Technologies class will receive TechNow approved course materials and expert instruction.
Dates/Locations:
Duration: 2 Days
Course Objective:
-
- To provide management an overview of what it takes to stand up a SOC.
Prerequisites:
- Students should have an understanding of the security field.
Course Outline:
- What threats does my organization care about?
- What does a threat look like?
- What does a threat look like?
- How to present the SOC internally.
- Communication with Stakeholders and Executives Leveraging and integrating existing security measures
- People
- Establishing a skill matrix and work roles for SOC members
- Establishing a training path
- Personnel background requirementsProcesses
- Processes
- Alignment to standards: NIST, PCI, HIPAA, etc.
- Risk related decision trees
- Playbooks
- Threat Intelligence Integration
- Technology – Tool Suites to Support:
- Ethical Hacking
- Network Security Monitoring and SIEM
- Forensics
- Dashboards
- Analysis and Hunting
- Incident Management and Ticketing
Comments
Latest comments from students